Let’s try to understand Windows 11 Intune enrollment process. This post will help you to learn more about how to enroll Windows 11 PCs into Intune using a manual method. This method can be used to test some Windows 11 + Intune scenarios from personal PCs.
There are different methods to enroll Windows 11 PCs to Intune (a.k.a Microsoft Endpoint Manager). You can use MDM auto-enrollment option from Azure AD to automatically enroll Azure AD joined Windows 11 PCs. You can also use Intune Group policy to enroll Hybrid Azure AD joined devices to Intune automatically.
The Windows 11 Intune enrollment workflow is similar to that of Windows 10. However, there are UI-related changes in the Settings apps and Account tab. I felt the new changes are clearer in Azure AD join/only device management, etc. More details are available below section.
Intune Enrollment Process for Windows 11 PCs
Let’s see how to enroll Windows 11 devices into Intune (MEM). This is the manual method to enroll the Windows 11 personal PCs. As I mentioned above, Microsoft will support other automated ways of Intune enrollment.
NOTE! – Windows 11 is part of the insider preview release while writing this post. Hence, all these supported scenarios might be only available after Windows 11 production release.
- Click on Start or Search option from Windows 11 Taskbar to launch Settings application.
- Navigate to Accounts tab from Settings app.
- Click on Access work or School option on the right side page.
You can now see the various options, and you can get confused if you are not familiar with the manual Intune enrollment process. If you want to use your personal account (BYO-Personal device scenario), you will have to enroll only in the device management option.
However, there are options to perform Azure AD join scenarios from this Access Work or School page. If you perform an Azure AD join scenario, you will have to use the Azure AD login credential to login to Windows 11 PC. In this post, I will cover Enroll only in the Device Management scenario for personal Windows 11 PCs.
- Click on the last option in this page called – Enroll only in device management.
I have seen scenarios where you will have a different ID for Azure AD and email. In that scenario, you will have to use the Azure AD user name. In the following example, I’m using onmicrosoft.com ID. However, I can use any other Azure AD user ID (custom domain HTMD.com) as well.
- You will have to enter the Azure AD ID or email ID.
Enter the password for the Azure AD user name and click on Sign in to start the Intune enrollment. There could be scenarios like you might need to provide additional security verification because of Multi-Factor Authentication (MFA) scenarios.
This is the screen where all the magic happens. Windows 11 PC is trying to contact Intune servers and register the Windows 11 PC into Azure AD and then enroll the PC into Intune device management. I have seen some organizations restrict/block personal device enrollment. If that policy is in place for your organization, you won’t proceed further.
The following screen gives us the good news that the Intune enrollment of Windows 11 PC is completed successfully. And now you can manage this device from Intune or MEM. You can also access the corporate email, chat, etc…
It will take a few minutes to connect to your school or workplace. Any company apps, network settings, email accounts, security policies, or other settings your school or workplace has set up for you will soon be set up on your device. After waiting a few minutes, open the Settings app and select Account > Access work or School > Info > Sync if you don’t have access after waiting a few minutes.
How to Initiate a Manual Intune Policy Sync from Windows 11 PCs
You can initiate a manual Intune (MEM) policy sync from Windows 11 PCs. This manual sync triggers immediate sync between Intune service and Windows 11 PC. You will need to follow the steps mentioned below to initiate a manual Intune policy sync.
- Naviage to Settings app -> Accounts -> Access work or scholl.
- Click on the drop down button on option called – Connected by [email protected] connected to Default Directory MDM.
- You can now see an Info button.
- Click on Info button to open the a new Settings app page.
Once you are there on the Info page, you can scroll down until you see a SYNC button. The sync button is the one that triggers and initiates the manual sync between Intune service and Windows 11 MDM client.
- Click on SYNC button to immedietly initiate Intune policy sync.
- The Intune sync can take several minutes, wait for Sync to complete.
- Check whether you have received new policies or applications after the sync.
You can check the server-side (Intune- Microsoft Endpoint Manager admin center) portal to check whether the newly enrolled Windows 11 device is available there or not. You can also confirm the Windows 11 build numbers from the Devices node in the admin center portal for MEM/Intune.
About Author -> Anoop is Microsoft’s Most Valuable Professional Award winner from 2015 on the technologies! He is a Solution Architect on enterprise device management solutions with more than 20 years of experience (calculation done in 2021) in IT. He is Blogger, Speaker, and Local User Group Community leader. His main focus is on Device Management technologies like Configuration Manager, Windows 365 Cloud PC, Intune, Azure Virtual Desktop, Windows 10, and Windows 11.